Is Briefer SOC 2 compliant?

Briefer is built entirely on SOC 2 Type II certified infrastructure. Our platform and hosting (Railway), database and auth (Supabase), integrations (Composio), email delivery (Resend), AI providers (Anthropic, OpenAI), payments (Stripe), and analytics (Mixpanel) all hold SOC 2 Type II certification. We inherit their compliance posture.

Does Briefer train AI models on my data?

No. Briefer operates on a privacy-first model. Neither Briefer nor our AI providers (Anthropic and OpenAI) train on your data. Your investor data, company metrics, and update content are never used for model training.

How is data encrypted in Briefer?

All data is encrypted with AES-256 at rest and TLS 1.3 in transit. Our database uses row-level security on all tables, ensuring that users can only access data they are authorized to see. Passwords are hashed with bcrypt.

Where is Briefer data stored?

Briefer runs on Google Cloud Platform via Railway, with databases hosted on Supabase. All infrastructure providers are SOC 2 Type II certified and operate in secure, audited data centers.

Can investors see my internal workspace data?

No. Briefer operates on a zero-compromise privacy model. Investors only receive the structured output that founders explicitly approve and publish. The founder's internal workspace, raw data, and draft content remain strictly siloed and inaccessible to investors.

Security First.

We build on trusted, compliance-certified infrastructure so your investor data stays protected. Here's how we keep your information safe.

Compliant Infrastructure

Built on SOC 2, ISO 27001, and GDPR compliant providers. We inherit their security posture.

Data Protection

AES-256 encryption at rest, TLS 1.3 in transit, and row-level security on all data

Privacy by Design

No training on your data, minimal data retention, and transparent data handling

Our Stack

Built on Trusted Providers

We chose infrastructure partners with strong security track records and compliance certifications, so you benefit from their investments in security.

Service	Security Features
Railway Platform & Hosting	•Automatic HTTPS with managed TLS •Secrets with KMS encryption •Network isolation between projects •Annual penetration testing •Disaster recovery runbooks •Runs on Google Cloud Platform	Trust Page
Supabase Database & Auth	•Row-level security on all tables •AES-256 encryption at rest •TLS 1.3 encryption in transit •Multi-factor authentication •OAuth 2.0 and social auth •Bcrypt password hashing	Trust Page
Composio Integrations	•Managed OAuth authentication •Granular permission controls •Secure token management •Incident response procedures •Data management policies •Secure development lifecycle	Trust Page
Resend Email Delivery	•TLS 1.3 encryption in transit •AES-256 encryption at rest •Regular third-party audits •Responsible disclosure program •Data subprocessor transparency	Trust Page
Anthropic AI / LLM	•No training on customer data •API data not used for model training •TLS 1.3 encryption in transit •AES-256 encryption at rest •API key deactivation on exposure •Privacy-first data handling	Trust Page
OpenAI AI / LLM	•Data encrypted in transit and at rest •No training on API data •Bug bounty program •Third-party security audits •Enterprise data controls •Compliant with privacy regulations	Trust Page
LangSmith AI Observability	•Data encrypted in transit and at rest •No training on customer data •TLS 1.3 encryption in transit •AES-256 encryption at rest •Data ownership and privacy controls •Enterprise-grade security	Trust Page
Stripe Payments	•Card data never touches our servers •Full PCI compliance •Multi-factor authentication •Role-based access controls •HTTPS enforcement everywhere •Proactive API key monitoring	Trust Page
Mixpanel Analytics	•TLS encryption in transit •Data encrypted at rest •Logical data separation •GDPR compliance tools •Data retention controls •Google Cloud infrastructure	Trust Page